As part of our vulnerability research work at NCC Group we find many vulnerabilities (bugs) in commercial products and systems and for the past nine years we have kept a detailed internal log of these bugs.
In this whitepaper prepared by Matt Lewis, Research Director at NCC Group, we provide some analysis of the data that we’ve captured in terms of types of bug found, their risk ratings, whether there are any trends in specific vulnerability classes and whether there are any observations around the overall responsible disclosure process.
<
p style=”text-align: center;”>
